What is RapID Secure Login?

RapID Secure Login (RapID-SL) is an app for Android and iOS that works with a WordPress plugin to let you and your
subscribers log in to WordPress websites and blogs without using passwords.
Both the app and plugin use the RapID service to generate security credentials.

To log in from any desktop browser, simply scan the QR-code with the RapID-SL app, and it delivers a
cryptographic signature to log you in without having to enter any of your details on the browser. That means there's
no risk of your details being intercepted, cached in the browser or keylogged, and you don't have to remember complex passwords for every site you visit.

When browsing RapID-enabled WordPress sites on a mobile device that has the RapID-SL app installed, tap the QR-code on the login page to automatically launch RapID-SL.
The app then logs you in after authenticating with your fingerprint or PIN.

The RapID-SL app manages all your accounts, so you can log in to multiple accounts on multiple websites using
just your mobile device with your fingerprint or a simple PIN. When you go to log in to a site on which you
have multiple accounts, the app asks you which account you want to use.

The service is built upon experience gained through Intercede's MyID, developed over the last 20 years to deliver secure credentials
for some of the largest global organizations. Intercede software is currently used to manage over 12 million
credentials worldwide, including numerous US and UK government agencies.

How RapID Secure Login works

Using the RapID service, you get high security authentication using 2048-bit cryptographic keys without having to write a line of code. You can be up and running in just a couple of minutes.

The RapID Secure Login WordPress plugin sets up your WordPress site to have a unique service authentication key and a corresponding trusted issuer certificate.
The authentication key grants your website unique permissions to request credentials for use exclusively with your site,
and the trusted issuer certificate verifies that everyone trying to log in to your site using
the RapID Secure Login app actually has a credential issued for your site.

On the WordPress login page, the plugin generates a random challenge and injects this in the form of a structured QR-code
for the subscriber to scan with the RapID Secure Login app. When they do this, the app recognizes the site as one for which they have a credential, and signs an authentication instruction, which it posts directly to the website.
WordPress detects and validates the authentication instruction, maps the anonymous certificate to an actual account and completes the login process.

The great thing about the process is that when a credential has been issued there is no further communication
needed to the RapID service - it's just direct user-to-WordPress communication.

You stay in full control and the privacy of you and your subscribers is protected.

Scan the QR-code with the RapID Secure Login app, and follow the instructions.

You can control which registered users have the ability to collect credentials based on WordPress roles on the Plugin Settings Page.
If you have enabled 'Anyone can register' in General Settings then non-registered users can register on your site. If you want to allow them
to collect a RapID credential during this registration process then enable the WordPress 'New User Default Role' for RapID credential collection.

If you, as the site administrator, have configured activation emails, your subscriber will need to confirm the account by
responding to the WordPress activation email before logging on to the site.

Other Features

Your WordPress site tracks the most recent authentication for each device.

The RapID Secure Login app keeps track of the login history on the mobile device.